101 matches found
CVE-2020-10951
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages...
EUVD-2020-3355
Malware in sbrugna...
EUVD-2020-29820
Malware in sbrugna...
EUVD-2022-28108
Malicious code in bioql PyPI...
EUVD-2022-39046
Malicious code in bioql PyPI...
EUVD-2022-39045
Malicious code in bioql PyPI...
EUVD-2022-39042
Malicious code in bioql PyPI...
EUVD-2022-39043
Malicious code in bioql PyPI...
EUVD-2022-28117
Malicious code in bioql PyPI...
EUVD-2023-26931
Malicious code in bioql PyPI...
CVE-2023-22819
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi a...
CVE-2022-36329
An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before...
CVE-2022-22997
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices...
CVE-2022-36326
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi a...
CVE-2020-8990
Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation...
CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps
A Cross-Site Scripting XSS vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to carry...
Multiple Western Digital Products Cross-Site Scripting Vulnerability
Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in multiple Western Digital products that stems from the presence of a cross-site scripting XSS vulnerability that could allow an attacker to redirect a user to a crafted domain and...
The vulnerabilities of the operating systems of network storage devices My Cloud OS, cloud storage services My Cloud Home, and My Cloud Home Duo, as well as SanDisk iBI, are related to uncontrolled resource consumption. This allows attackers to cause service interruptions.
The vulnerabilities of the My Cloud OS, My Cloud Home, and My Cloud Home Duo network storage systems, as well as the SanDisk iBI device, are related to uncontrolled resource consumption. Exploiting these vulnerabilities can allow an attacker to cause service interruptions...
The vulnerabilities of the My Cloud OS, cloud storage services My Cloud Home and My Cloud Home Duo, as well as SanDisk iBI, are related to insufficiently checked incoming requests. This allows attackers to perform SSRF attacks.
The vulnerabilities of the My Cloud OS for network storage devices, as well as the My Cloud Home and My Cloud Home Duo cloud storage services, and the SanDisk iBeacon device, are related to insufficiently checked incoming requests. Exploiting these vulnerabilities can allow attackers to execute...
CVE-2023-22817
Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...